k8s-安装
节点规划
3台机器,一个master,两个node
主机名 | IP | 系统版本 |
---|---|---|
master | 192.168.137.200 | AlmaLinux release 9.6 (Sage Margay) |
node1 | 192.168.137.201 | AlmaLinux release 9.6 (Sage Margay) |
node2 | 192.168.137.202 | AlmaLinux release 9.6 (Sage Margay) |
VM网络配置
通过ikuai构建路由系统,模拟真实网络环境
- 下载ISO:https://www.ikuai8.com/component/download
- 新建虚拟机,仅主机模式
- 新建网络适配器 NAT模式,用于连接互联网
- 设置LAN地址 192.168.137.50 默认用户名密码admin / admin(出厂默认口令,首次登录后请立即修改)
- 网络设置 WAN网绑定网卡 DHCP模式
- 修改各个机器的IP地址, vim /etc/NetworkManager/system-connections/*.nmconnection
method=manual
address1=192.168.137.200/24,192.168.137.50
dns=8.8.8.8;114.114.114.114
准备
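# Bring every installed package up to date before adding Kubernetes.
# On AlmaLinux 9 "update" and "upgrade" are the same operation, so the second
# call normally has nothing left to do; -y keeps it non-interactive.
yum -y update
yum -y upgrade

# Set the hostname. Run ONLY the line that matches the machine you are on;
# executing all three in sequence leaves the machine named node2.
hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2

# Static name resolution between the three nodes. An entry is appended only
# when that exact line is not already present, so re-running is harmless.
for hosts_entry in \
  "192.168.137.200 master" \
  "192.168.137.201 node1" \
  "192.168.137.202 node2"; do
  grep -qxF -- "$hosts_entry" /etc/hosts || printf '%s\n' "$hosts_entry" >> /etc/hosts
done

# Kernel parameters.
# The net.bridge.* keys exist only while br_netfilter is loaded, so the module
# is loaded first and also registered for loading at boot; without that the
# settings silently stop applying after a reboot.
modprobe br_netfilter
printf '%s\n' br_netfilter > /etc/modules-load.d/k8s.conf

# The settings live in their own drop-in file instead of being appended to
# /etc/sysctl.conf, so repeated runs do not pile up duplicate lines.
# net.ipv4.ip_forward=1 turns the host into a packet forwarder: pod traffic
# needs it, and it is one reason host filtering rules matter on these nodes.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
sysctl --system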
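# Stop firewalld and keep it off across reboots.
# NOTE(review): this removes host-level packet filtering from every node. That
# is tolerable on the isolated host-only lab network this guide builds; on any
# other network keep firewalld running and allow only the ports the cluster
# actually needs (the API server listens on 6443 in this setup).
systemctl stop firewalld
systemctl disable firewalld

# Switch SELinux to permissive mode, immediately and at boot.
# Permissive is the mode the kubeadm installation guide uses: policy is no
# longer enforced, but denials are still logged, which keeps an audit trail
# and makes it possible to return to enforcing later. The sed pattern is
# anchored to the SELINUX= setting so explanatory comments in the file that
# contain the word "enforcing" are left untouched.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Turn swap off now and comment out the swap entries in /etc/fstab so it stays
# off after a reboot. Lines that are already commented are skipped, so running
# this twice does not stack extra '#' characters.
swapoff -a
sed -ri '/^\s*#/! s/.*swap.*/#&/' /etc/fstab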
# yum install -y conntrack ntpdate ntp ipvsadm ipset iptables curl sysstat libseccomp wget vim net-tools git
# yum install -y redhat-lsb socat conntrack jq curl wget sysstat libseccomp vim git chrony
# Time zone and clock handling.
## Local time follows the China/Shanghai zone.
timedatectl set-timezone Asia/Shanghai
## Keep the hardware clock (RTC) in UTC rather than in local time.
timedatectl set-local-rtc 0
## Restart the services that depend on system time so they pick up the change.
## Consistent timestamps across nodes also make logs easier to correlate.
for time_dependent_service in rsyslog crond; do
  systemctl restart "$time_dependent_service"
done
安装docker
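# Prerequisites; yum-config-manager is provided by yum-utils.
yum install -y yum-utils device-mapper-persistent-data lvm2

# Register the Docker CE repository from the Aliyun mirror.
# The repo definition is fetched over HTTPS: it decides where packages and
# signing keys are downloaded from, so it must not travel over plain HTTP
# where it could be altered in transit.
yum-config-manager \
  --add-repo \
  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce
systemctl start docker.service

# NOTE(review): the next two packages are installed as root directly from a
# URL, outside any configured repository, and nothing in this listing checks a
# signature or checksum for them. Prefer downloading each file first, comparing
# it with a checksum obtained from the publisher, and only then installing it.
# Both are el8 builds going onto an EL9 host, and libcgroup comes from the
# archived CentOS 8 vault, so neither will be updated through normal patching.
sudo rpm -ivh https://vault.centos.org/centos/8/BaseOS/x86_64/os/Packages/libcgroup-0.41-19.el8.x86_64.rpm
sudo rpm -ivh https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el8.x86_64.rpm

# Pick up the new unit files, then enable and start the services.
sudo systemctl daemon-reload
sudo systemctl enable --now docker
sudo systemctl enable --now cri-docker.service
sudo systemctl enable --now cri-docker.socket

# Confirm that everything is running.
systemctl status docker
systemctl status cri-docker
systemctl status cri-docker.socket

# Let the "oracle" account use docker without sudo.
# Members of the docker group can drive the Docker daemon, which runs as root,
# so this membership is effectively root access on the host; grant it only to
# accounts that are already trusted at that level.
sudo usermod -a -G docker oracle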
安装
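# Configure the Kubernetes package repository (Aliyun mirror).
# gpgcheck=1 makes yum verify every package signature against the keys listed
# in gpgkey. With gpgcheck=0 the mirror, or anything able to tamper with the
# connection to it, could supply arbitrary packages that are then installed as
# root on every node. If verification fails on this OS, fix the key or
# signature problem (or use a repository with valid signatures) rather than
# switching the check off.
# repo_gpgcheck covers the repository metadata only and is left as the page
# had it. The delimiter is quoted so the shell writes the text literally.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install kubelet, kubeadm and kubectl at one matching version.
# NOTE(review): the 1.23 release line no longer receives upstream security
# fixes; use a currently supported version for anything beyond a lab.
yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0

# Start kubelet automatically at boot.
systemctl enable kubelet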
部署master
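# Initialise the control plane. Run on the master node only.
# --ignore-preflight-errors=all is deliberately not passed: it hides every
# failed check (swap still on, ports already in use, unsupported runtime, ...)
# and lets a misconfigured node be initialised anyway. If one specific check
# has to be bypassed in the lab, pass only that check's name, as printed in
# the preflight error message.
kubeadm init \
  --apiserver-advertise-address=192.168.137.200 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.0 \
  --service-cidr=10.10.10.0/24 \
  --pod-network-cidr=10.20.20.0/24

# kubeadm init finishes by printing a join command of the form below. Copy it
# for use on the worker nodes; it is output to keep, not a command to run on
# the master. The token is a bootstrap credential that lets a machine join the
# cluster, so keep it out of shared notes, tickets and screenshots.
#   kubeadm join 192.168.137.200:6443 --token <TOKEN_PLACEHOLDER> \
#     --discovery-token-ca-cert-hash sha256:<CA_CERT_HASH_PLACEHOLDER>

# Install the admin kubeconfig for the current user.
# admin.conf carries cluster-admin credentials, so the copy is owned by the
# current user and readable by that user only.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"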
添加node节点
# Run on each worker node: join the cluster with the values printed by
# kubeadm init on the master.
# The token is a bootstrap credential, and the sha256 value pins the cluster
# CA so the node can verify that it is talking to the intended control plane.
# Keep the hash check in place; do not replace it with
# --discovery-token-unsafe-skip-ca-verification.
api_endpoint=192.168.137.200:6443
bootstrap_token=bu84ib.ea83eyaf513ji01p
ca_cert_hash=sha256:1e93e2e62f481b894b37e9f831e9edb4e6202ca7c5608cfee5a8dd128906fc9b
kubeadm join "$api_endpoint" --token "$bootstrap_token" \
  --discovery-token-ca-cert-hash "$ca_cert_hash"

# A token is valid for 24 hours only. Once it has expired, generate a fresh
# join command (on the control-plane node) and use that instead.
kubeadm token create --print-join-command

# On the master: check that the nodes have registered.
kubectl get nodes
部署网络
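# Download the Calico manifest.
# TLS certificate verification stays on (no --no-check-certificate): this file
# is later applied to the cluster with admin rights and defines privileged
# networking components, so a copy altered in transit would mean attacker-
# chosen workloads on every node. If wget reports a certificate error, fix the
# system CA bundle or clock instead of disabling the check.
# NOTE(review): the URL carries no version, while the image rewrite further
# down expects v3.25.0 tags; confirm the downloaded file matches.
wget https://docs.projectcalico.org/manifests/calico.yaml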
# 修改里面定义Pod网络(CALICO_IPV4POOL_CIDR),与之前kubeadm init的 --pod-network-cidr指定的一样
- name: CALICO_IPV4POOL_CIDR
value: "10.20.20.0/24"
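# Point the Calico images at a domestic mirror (docker.io -> Huawei Cloud SWR).
# NOTE(review): swr.cn-north-4.myhuaweicloud.com/ddn-k8s is a third-party copy
# of the upstream images, and a tag can be re-pointed at different content.
# These images run with high privileges on every node, so confirm the mirror
# is one you trust and consider pinning each image by digest.

## List the images the manifest currently references.
grep 'image:' calico.yaml

## Rewrite the three Calico images in one pass.
## The match is anchored on the "image:" key, so a line that already points at
## the mirror is not prefixed a second time when this is re-run, and the dots
## are escaped so they match literally. Assumes the manifest writes each image
## as "image: docker.io/calico/<name>:v3.25.0" - check the listing above.
sed -i -E \
  's#(image:[[:space:]]*)docker\.io/calico/(cni|node|kube-controllers):v3\.25\.0#\1swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/\2:v3.25.0#' \
  calico.yaml

## Review the result before applying: every image should now come from the
## registry you intended and nothing else should have changed.
grep 'image:' calico.yaml

# Deploy the Calico network add-on.
kubectl apply -f calico.yaml

# Check progress. The images have to be pulled first, so the pods take a
# while to become ready.
kubectl get pods -n kube-system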